[WordPress] 外掛分享： Mirror Gravatar

內容簡介

這個外掛可以將留言者的 Gravatar 存放在你的網站並儲存之，以供每個頁面載入時直接讀取，而不是直接從 gravatar.com 下載。

這樣做有以下幾個效果：

如果一個帖子上大多數的評論都沒有 Gravatar，那麼它們將會被共享一個單獨的圖像，而不是每個評論都要載入一個圖像，這個圖像可能返回相同的“神秘”圖像。

你將會提供更多（小）的圖像。

gravatar.com 將不再有一個 Web Bug 在你的博客上，這個 Web Bug 每一次被讀取時，都是由每一個查看者進行的，現在這個 Gravatar 只在每個新留言發布時透過伺服器進行一次讀取。

Gravatar 是由 WordPress 擁有的，他們的 隱私政策 表示他們不會對此信息進行盈利，但是公司政策會變，且存在法庭傳票等問題。

使用者的 Gravatar 資料會隨著他們的評論被存儲，即使他們之後從 gravatar.com 更改或刪除他們的 Gravatar，網站還是可以顯示著以前的圖像。

此外：在評論時，Gravatar 的實時預覽將跟踪“電子郵件”字段的內容。

安全和隱私

雖然 WordPress 默認啟用 Gravatars，但對於你的博客評論者而言，Gravatars 的使用可能被視為一種隱私風險。Gravatars 公開了每個評論者電子郵件地址的 MD5 哈希值，這已經被證實存在攻擊漏洞。高度動機的攻擊者可能會將 MD5 轉換回電子郵件地址。

然而，此外掛至少不會令情況變得更糟。

外掛標籤

開發者團隊

原文外掛簡介

Locally mirrors commenters’ Gravatar, Libravatar and Mastodon avatars and serves them from your site, rather than loading them from a third-party web site upon each page load.
This has several effects:

If most of the comments on a post have no avatar, those turn into one load of a shared image, instead of one for each comment, that happens to return the same “mystery” image.

You will be serving more (small) images.

If a commenter’s URL looks like a link to a Mastodon / ActivityPub profile, their Mastodon account’s avatar will be displayed.

When commenting, a live preview of the avatar tracks the contents of the “Email” field.

gravatar.com and libravatar.org no longer have a web-bug on your blog that is loaded by each viewer. Instead of being loaded at every page view, the avatar is loaded just once, on the server-side, at the time each new comment is posted.

If someone changes or deletes their avatar, your site continues displaying the image that was their avatar at the time that they last posted.

Likewise, the user’s Gravatar or Mastodon profile is saved along with their comment, viewable by admins even if they later change or delete it.

Security and Privacy

Libravatar is open source. Gravatar is owned by WordPress, and their privacy policy says that they don’t monetize that info. But hey, corporate policies change, subpoenas exist, and domain names get sold.

Should you trust Gravatar with user data? Well, in 2024, Gravatar announced that they are pivoting to blockchain, whatever that means, so that’s fairly disqualifying. See also WordPress “growth hacking” and WordPress sells users’ data to train AI tools.

There used to be a potential issue due to Gravatars using MD5 hashes, but these days they use SHA256, so I assume that’s no longer a problem.

延伸相關外掛

Akismet Anti-spam: Spam ProtectionAkismet會檢查您的評論和聯繫表單提交，將它們與全球垃圾郵件...Antispam BeeAntispam Bee 是一款有效阻擋 WordPress 網站評論垃圾訊息的...Spam protection, Honeypot, Anti-Spam by CleanTalkCleanTalk 是一款雲端反垃圾訊息外掛，無需 CAPTCHA 即可全面...Gravatar Enhanced – Avatars, Profiles, and PrivacyGravatar Enhanced 是一款提升 WordPress 網站的外掛，簡化數...Disable CommentsDisable Comments Plugin 是一個供管理員完全關閉網站評論功...Comments – wpDiscuzwpDiscuz 是一款強大的 AJAX 實時評論系統，旨在提升 WordPre...Disqus Comment SystemDisqus 是網路上最受歡迎的評論系統，被數百萬的出版商信任，...Throws SPAM Away這個外掛的開發旨在打擊海外的評論垃圾郵件，目前以下的篩選...Subscribe to CommentsSubscribe to Comments是一個強大的 WordPress 外掛，讓留言...Cookies for Comments這個外掛將會在你的部落格 HTML 的原始碼中新增一個樣式表或...Disable Comments此外掛完全禁用網站前端和後端的評論功能： * 隱藏現有評論 *...Native PHP Sessions WordPress 核心不使用 PHP sessions，但有時您的使用案例、...Subscribe To Comments ReloadedSubscribe to Comments Reloaded 是一個功能強大的外掛，讓留...Post-Plugin LibraryPost-Plugin Library 是一個共享代碼庫，並沒有獨立的功能，...One Click Close Comments使用者可以從文章管理頁面(‘編輯文章’)及頁面管...